tomcat8的Valve Component(阀门组件)之Remote IP Valve远程IP阀门

谯振国

2023-12-01

介绍

Tomcat port of mod_remoteip, this valve replaces the apparent client remote IP address and hostname for the request with the IP address list presented by a proxy or a load balancer via a request headers (e.g. "X-Forwarded-For").

Tomcat的mod_remoteip端口，此阀门valve用代理或负载均衡器通过请求headers（例如“ X-Forwarded-For”）提供的IP地址列表替换请求的表面客户端远程IP地址和主机名。

Another feature of this valve is to replace the apparent scheme (http/https), server port and request.secure with the scheme presented by a proxy or a load balancer via a request header (e.g. "X-Forwarded-Proto").

该阀的另一个功能是通过代理或负载均衡器通过请求headers（例如“ X-Forwarded-Proto”）替换表面scheme（http / https），服务器端口和request.secure。

This Valve may be used at the Engine, Host or Context level as required. Normally, this Valve would be used at the Engine level.

可以根据需要在Engine，Host或Context级别使用此Valve。通常，此valve将在Engine级别使用。

If used in conjunction with Remote Address/Host valves then this valve should be defined first to ensure that the correct client IP address is presented to the Remote Address/Host valves.

如果与Remote Address/Host valves结合使用，则应首先定义此valve，以确保向Remote Address/Host valves提供正确的客户端IP地址。

Remote_Address_Valve与Remote_Host_Valve的文档地址

Note: By default this valve has no effect on the values that are written into access log. The original values are restored when request processing leaves the valve and that always happens earlier than access logging. To pass the remote address, remote host, server port and protocol values set by this valve to the access log, they are put into request attributes. Publishing these values here is enabled by default, but AccessLogValve should be explicitly configured to use them. See documentation for requestAttributesEnabled attribute of AccessLogValve.

注意：默认情况下，此valve不影响写入访问日志(access log)的值。当请求处理离开valve时，将恢复原始值，并且总是在访问日志记录(access log)之前发生。要将此valve设置的远程地址，远程主机，服务器端口和协议的值传递到访问日志，它们将放入请求属性(request attributes)中。默认情况下，在此处发布这些值是启用的，但应明确配置AccessLogValve以使用它们。请参阅文档以获取AccessLogValve的requestAttributesEnabled属性。

Access_Log_Valve文档地址，也可以看上篇文章tomcat8的Valve Component(阀门组件)之AccessLog访问日志配置

The names of request attributes that are set by this valve and can be used by access logging are the following:

由该valve设置并可由访问日志(access log)使用的请求属性的名称如下：

org.apache.catalina.AccessLog.RemoteAddr
org.apache.catalina.AccessLog.RemoteHost
org.apache.catalina.AccessLog.Protocol
org.apache.catalina.AccessLog.ServerPort
org.apache.tomcat.remoteAddr

属性

The Remote IP Valve supports the following configuration attributes:

Attribute	Description
`className`	Java class name of the implementation to use. This MUST be set to org.apache.catalina.valves.RemoteIpValve.
`remoteIpHeader`	Name of the HTTP Header read by this valve that holds the list of traversed IP addresses starting from the requesting client. If not specified, the default of `x-forwarded-for` is used.
`internalProxies`	Regular expression (using `java.util.regex`) that a proxy's IP address must match to be considered an internal proxy. Internal proxies that appear in the remoteIpHeader will be trusted and will not appear in the proxiesHeader value. If not specified the default value of `10\.\d{1,3}\.\d{1,3}\.\d{1,3}\|192\.168\.\d{1,3}\.\d{1,3}\|169\.254\.\d{1,3}\.\d{1,3}\|127\.\d{1,3}\.\d{1,3}\.\d{1,3}\|172\.1[6-9]{1}\.\d{1,3}\.\d{1,3}\|172\.2[0-9]{1}\.\d{1,3}\.\d{1,3}\|172\.3[0-1]{1}\.\d{1,3}\.\d{1,3}\|0:0:0:0:0:0:0:1` will be used.
`proxiesHeader`	Name of the HTTP header created by this valve to hold the list of proxies that have been processed in the incoming remoteIpHeader. If not specified, the default of `x-forwarded-by` is used.
`requestAttributesEnabled`	Set to `true` to set the request attributes used by AccessLog implementations to override the values returned by the request for remote address, remote host, server port and protocol. Request attributes are also used to enable the forwarded remote address to be displayed on the status page of the Manager web application. If not set, the default value of `true` will be used.
`trustedProxies`	Regular expression (using `java.util.regex`) that a proxy's IP address must match to be considered an trusted proxy. Trusted proxies that appear in the remoteIpHeader will be trusted and will appear in the proxiesHeader value. If not specified, no proxies will be trusted.
`protocolHeader`	Name of the HTTP Header read by this valve that holds the protocol used by the client to connect to the proxy. If not specified, the default of `X-Forwarded-Proto` is used.
`hostHeader`	Name of the HTTP Header read by this valve that holds the host used by the client to connect to the proxy. If not specified, the default of `null` is used.
`portHeader`	Name of the HTTP Header read by this valve that holds the port used by the client to connect to the proxy. If not specified, the default of `null` is used.
`protocolHeaderHttpsValue`	Value of the protocolHeader to indicate that it is an HTTPS request. If not specified, the default of `https` is used.
`httpServerPort`	Value returned by `ServletRequest.getServerPort()` when the protocolHeader indicates `http` protocol and no portHeader is present. If not specified, the default of `80` is used.
`httpsServerPort`	Value returned by `ServletRequest.getServerPort()` when the protocolHeader indicates `https` protocol and no portHeader is present. If not specified, the default of `443` is used.
`changeLocalHost`	If `true`, the value returned by `ServletRequest.getLocalHost()` and `ServletRequest.getServerHost()` is modified by the this valve. If not specified, the default of `false` is used.
`changeLocalPort`	If `true`, the value returned by `ServletRequest.getLocalPort()` and `ServletRequest.getServerPort()` is modified by the this valve. If not specified, the default of `false` is used.

tomcat8的Valve Component(阀门组件)之Remote IP Valve远程IP阀门

介绍

属性

相关阅读

相关文章

相关问答

相关文档